Category FILE
Started On 2014-07-03 10:29:58
Completed On 2014-07-03 10:31:58
Duration 120 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-07-03 10:29:58
Shutdown On 2014-07-03 10:31:58

File Details

File name order_id_467832647826378462387462837.exe
File size 111616 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 15596EBA
MD5 dc3a86c05cd696b7715c0a0d3a12f952
SHA1 d9d5b331582e62a910e5922450db8e9aa932af56
SHA256 6f971b1109571dd4badfc148ee4facf146149ca1e4d7c121373e09b7b5a83364
SHA512 7bdb9a49e266fadfef5e76790c86082eeb170b3d3ab3b02d945ad5976e67928b15ee5ef981254356215d4f202e07aed7bb9b5c88c04ba2e379eba3927c90240a
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2014-07-03 14:13:48
Detection Rate: 2/53

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\
Mutexes Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

order_id_467832647826378462387462837.exe PID: 968, Parent PID: 384

Volatility

Nothing to display.